Is Prevx1 enough to cover what others like ProcessGuard or System Safety Monitor cover? Is there an advantage to add PG or SSM to Prevx1? Some people use both PG and SSM, isn't that an overkill? Could someone add PG and SSM to Prevx1 lineup? What other info about this can anyone provide?

dja2k

That's what I'd like to know too. I already have the best method for removal of malware; now I have to find a solution to stop the execution of malware.
Possibilities are:
1. Prevx1 and/or
2. Online Armor and/or
3. System Safety Monitor and/or
4. Anti-Executable
5. ... who knows.
I can't use ProcessGuard, because it doesn't like FirstDefense-ISR.
Which one or which combination is able to stop most malware from doing its evil job and is suitable for less-knowledgeable users?

Yeah, I know that we can't use ProcessGuard when using FD-ISR. I am leaning towards installing System Safety Monitor at the moment, but not sure. I ran both leaktests of SSM (not having SSM installed) and they both got past my Prevx1, Nod32, and OA AV+ defense. Both leaktests ran and nothing alerted me of them, and Prevx1 noted them as green "safe".

Prevx1 and Online Armor are not enough for certain types of attacks in my view, according to those leaktests.

I still don't really know if SSM is better than APPDEFEND part of GSS with REGDEFEND.

I am sure that some of the new firewalls have some type of HIPS, but all new firewalls are giving me BSOD errors and Look'n'Stop has never given me any errors.

dja2k

Are SSM, APPDEFEND, REGDEFEND user-friendly enough, or can they be used as user-friendly enough?

Well, not too sure on how to answer, but they are mostly user-interactive programs, not set and forget. I have not used SSM to really know how good it is. I do however remember how APPDEFEND was, and it was fairly easy for me, as well as adding REGDEFEND rules from TonyKlein. APPDEFEND still needed work as it was left in beta (few problems with some protection, nothing big) and the new APPDEFEND is in alpha at the moment. Online Armor is great: no conflict with other HIPS, good anti-executable with reg protection, tracking of executables to undo changes if you let the wrong thing run. Online Armor, as far as my opinion goes, is the best anti-executable protection and the easiest user-friendly program of all, but does not cover exactly what SSM and GSS cover.

Right now the most user friendly is SSM in my opinion. As to registry protection, I think Regdefend is far more comprehensive, however saying that, I never get an alert from Regdefend that I didn't get from SSM.

With SSM you can make things as tight or easy as you want. I like it cause I can keep it out of my way. When I uninstall something, I just right-click on the systray and click exit. Then it's out of the way for uninstall. For install of trusted programs, I first click on learning mode, then exit. That way it's out of the way when the installer runs, and is in learning mode on reboot so it picks up the startup. To go into depth with the program will take some study.

Dja2k, I don't understand why you can't use PG with FD-ISR. I have been using both for a long time. I make a secondary on my C drive and archive a copy to an external drive. I disable PG to copy, then re-enable.

Not every user has the SAME computer and several FDISR-users, including me, had errors with copy/updating snapshots, when PG was installed. Other users told me that PG was working fine. That happens with most softwares, they like you or they don't like you, same with people.
Since copy/update is the most used function in FDISR, I decided to ditch PG, which I didn't like anyway.
This is another computer gremlin.

William, I did that, and aside from the fact it was a pain, I still got errors when updating archives. PG just wasn't worth the hassle.

Maybe I can use Online Armor and SSM together to stop most executables.
I don't think, I will ever have a 100% Anti-Executable software(s), but I have at least a 100% removal method in my frozen snapshot.
If a malware is really dangerous, like KillDisk Virus, I think that most anti-executable softwares will handle these malwares as fast as possible.
If one of the less dangerous ones isn't stopped by Online Armor or SSM, I can live with that because they will be removed anyway during the next reboot.
I only need an anti-executable software to survive a maximum period of 8-16 hours, the rest is for sleeping.

Erik. OA stops exe's and drives on a basic level. It also is very good at controlling the bad stuff that can happen with Internet Explorer, like Active X. Sure, I use Opera, but there are times you need IE and OA is good protection. SSM is great because you can do more than basic control. For example, you can control whether an exe is just allowed to run, or you can control who is allowed to run it. Same with drivers. Not only that they can be installed, but also who can install them. In many cases you can actually specify only with the given command line, which is great for Rundll32.exe or services.exe. Obviously this takes a bit more care, but you can really protect your system very well.

Pete

At first sight, SSM looks CHINESE to me. SSM is most probably a good software, if you know HOW to work with it.
I only want to run my legitimate applications and the execution of anything else needs to be blocked. So my wishes are simple and clear.
I think SSM will take me a very looong time, before I understand what I'm doing. Usually I avoid such softwares, because they are more dangerous for me, than safe.
I've downloaded the manual, I better start reading that one, before I start firing questions at Wilders.

I think Prevx1 or OA will be much better for what you want than PG, SSM, or AE.

Agree with you, Devinco. I have a license of PG and I ditched it mainly because it was interfering too much with my work, but also because of incompatibility with FD ISR. I also had OA installed for one year and I did not renew the license.

Lately I've been trying SSM and Prevx1, and of the two, I definitely prefer Prevx1.

Anti-Executable is the simplest of all. Is it as good as the rest? I don't know.
I like Prevx1 and my computer is powerful enough to handle it.
Don't know much about Online Armor yet and I can't give SSM to housewives.

Erik. You can start with SSM by using learning mode to get started, and then when you get pop-ups, read them. You will easily start to get the hang of what's going on. I am probably only getting 50% of what can be had, but I still think it's great. Look at my example below.

Hey Pete, do you think that SSM Full Version offers more than AD\RD (Ghost Security Suite) and PG once it is setup correctly? Does SSM conflict with FD-ISR in any way?

dja2k

First, absolutely no conflict between SSM and FDISR. I don't disable SSM or anything like that. SSM and Ghost are very similar, it's a tough call, and I know Jason is busily working on Ghost, as are SSM. It's a horse race. Frankly I think PG is back in the pack. Other than the window stuff, which I never bothered with, SSM does a much better job with things like Rundll32 and services.

Let me give an example of what I really like about SSM

I use Intuit's QuickBooks, and it has two exe's; QBW32.exe is the primary one.
Normally I click on the desktop icon, open QuickBooks and select the company file I want to work on.

Having just reloaded OA and SSM, here's what happens when I first start QuickBooks as described above. OA says QBW32.exe is trying to run. I give it permanent permission. SSM says Explorer.exe is trying to start QBW32.exe, and again I give it permanent permission.

Now, for the first time, I start QuickBooks by double-clicking on a company file. Doing this causes a program QBLaunch.exe to start and launch QBW32.exe. OA challenges QBLaunch and once allowed lets the whole thing go; it knows about QBW32.exe. SSM first challenges QBLaunch.exe, being started by explorer.exe, and once allowed, SSM then challenges QBW32, because it is being started by something other than explorer. SSM also shows the whole command line being used, and you can also check a box which tells SSM to only allow this automatically if the command line is the same. This means something couldn't hijack the process and do the same thing with a different command line.
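The parent/child and command-line matching described in the post above, modelled as an added example; it is not part of the thread and not SSM's actual code. The rule format, function names and file paths are assumptions, and the events are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    parent: str                    # image allowed to start the child
    child: str                     # image being started
    cmdline: Optional[str] = None  # if set, only this exact command line is auto-allowed

class Policy:
    def __init__(self, learning=False):
        self.learning = learning
        self.rules = set()

    def decide(self, parent, child, cmdline):
        """Return 'allow', or 'prompt' when no stored rule covers the event."""
        p, c = parent.lower(), child.lower()  # image names compared case-insensitively
        for r in self.rules:
            if r.parent == p and r.child == c and r.cmdline in (None, cmdline):
                return "allow"
        if self.learning:
            # Learning mode records whatever runs instead of asking,
            # so anything started while it is on becomes trusted.
            self.rules.add(Rule(p, c))
            return "allow"
        return "prompt"

    def remember(self, parent, child, cmdline, pin_cmdline=False):
        """The user answered a prompt with a permanent allow."""
        self.rules.add(Rule(parent.lower(), child.lower(),
                            cmdline if pin_cmdline else None))

# Constructed events: (parent image, child image, command line)
EVENTS = [
    ("explorer.exe", "QBW32.exe", "QBW32.exe"),
    ("explorer.exe", "QBLaunch.exe", "QBLaunch.exe C:\\books\\acme.qbw"),
    ("QBLaunch.exe", "QBW32.exe", "QBW32.exe C:\\books\\acme.qbw"),
    ("QBLaunch.exe", "QBW32.exe", "QBW32.exe C:\\temp\\other.qbw"),  # same pair, new command line
    ("winword.exe", "QBW32.exe", "QBW32.exe"),                       # unexpected parent
]

def demo():
    pol = Policy()
    pol.remember(*EVENTS[0])
    pol.remember(*EVENTS[1])
    pol.remember(*EVENTS[2], pin_cmdline=True)  # the "same command line only" checkbox
    return [pol.decide(*e) for e in EVENTS]

if __name__ == "__main__":
    print(demo())
```

The last two events fall back to a prompt because a rule keyed only on the child image would have let them through, which is the difference between the two products' behaviour that the post describes.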

So I see you have System Safety Monitor + Online Armor in your sig, but do you have prevx1 running along side that as well?

dja2k

I have 6 snapshots in total, right now:
1 off-line snapshot (which will be my rollback snapshot in the future)
1 snapshot for rollback at this moment
1 snapshot for online jobs
1 snapshot with Anti-Executable (experiment)
1 snapshot with Prevx1 (experiment)
1 snapshot with System Safety Monitor + Online Armor (experiment)

Since I don't get any clear answers at Wilders regarding anti-executable softwares, I don't have any real goal with all these softwares and I don't really know how to test them and keep these tests under control.
My thinking gets better when it's colder outside.